Dell Unity: How to Renew a Self-signed Certificate and Import it to the Browser

Summary: How to renew a self-signed certificate and import it to the browser (User Correctable)

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Note: The file /EMC/backend/CEM/ssl/.doNotGenerateCert may prevent the certificate from being updated. Rename it before following the procedure below.

 

Note: The certificate may be automatically renewed when the hostname of the Unity is modified. Follow article 000022509 How to manually renew a Unity Management SSL certificate as a workaround if you prefer to rename.

 

  1. Create a folder for the new certificate:
service@Unity_LAB spb:~/user> mkdir cert
service@Unity_LAB spb:~/user> cd cert
  1. Generate a private key:
service@Unity_LAB spb:~/user> openssl genrsa -des3 -passout pass:emcemc -out server.key 4096
  1. Create a CSR file (C=Country, ST=State, L=Location, O=Orginaisation, CN=CommonName - all are optional except the CN):
service@Unity_LAB spb:~/user> openssl req -new -sha256 -key server.key -passin pass:emcemc -out request.csr -subj '/C=US/ST=MA/L=Sarasota/O=MyCust/CN=5.6.7.11/'
  1. Self-sign the CSR file with the private key. If there is an unable to write 'random state', error, try the root account:
service@Unity_LAB spb:~/user> openssl x509 -in request.csr -sha256 -out unitycer.crt -req -signkey server.key -days 1825

 

Note: If you prefer to sign it by a Certificate Authority (CA), see article 000021122 How to replace Unisphere self-signed SSL certificates with signed certificates.

 

  1. Remove the passphrase from the private key because Unity does not support it:
service@Unity_LAB spb:~/user> openssl rsa -in server.key -passin pass:emcemc -out unitycer.pk
  1. Import the certificate to the SP:
service@Unity_LAB spb:~/user> svc_custom_cert unitycer
  1. To verify the result:
openssl s_client -connect <Unity_IP>:443 < /dev/null | openssl x509 -noout -text


The browser shows warnings like below for self-signed certificate.

"The security certificate presented by this website was not issued by a trusted certificate authority"  <--Internet Explorer

"This server could not prove that it is xx.xx.xx.xx; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection."  <--Chrome


These errors can be avoided by importing the certificate to the browser. Below are the steps for IE.

  1. Browse to your page in Internet Explorer which should use your self-signed SSL certificate. 
  2. Click Continue to this website (not recommended) 
  3. Click Certificate error in the address bar, and then click View certificates.
  4. Click Install Certificate and Next.
  5. Click Place all certificates in the following store, and then click Browse.
  6. Inside the dialog box, click Trusted Root Certification Authorities, and then click OK.
  7. Finish the dialog.
  8. Click Yes to trust the certificate when you get a security warning.
  9. Reload your page. The certificate should be working fine now.

Affected Products

Dell EMC Unity Family

Products

Dell EMC Unity Family
Article Properties
Article Number: 000019707
Article Type: How To
Last Modified: 16 Oct 2025
Version:  6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.